Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Internet Explorer Zero-Day Bug Used in Google Attack

Geoff Duncan
By
internet-explorer-logo

Microsoft has acknowledged a so-called zero-day vulnerability in Microsoft Internet Explorer was used in attacks on Google and 20 or more other companies doing business doing business in China. Microsoft’s notification about the flaw coincided with a public statement from computer security firm McAfee, describing the bug and how it was used to target Google and other corporate networks.

The flaw impacts all officially supported combinations of Microsoft’s Internet Explorer browser and Windows operating system, with the sole exception of using very-old Internet Explorer 5.01 on Windows 2000 Service Pack 4. That means that essentially anyone using Internet Explorer 6, 7, or 8 on Windows 2000 SP4, Windows XP, Windows Vista, Windows 7, and Windows Server is vulnerable to the problem, across both 32- and 64-bit versions of the operating systems.

Attackers—which VeriSign’s iDefense has identified as the Chinese government or agents thereof—exploited the flaw by sending messages to targeted Google employees, forged to look like they were from a trusted source. If a user clicked a malicious link in the message, the users’ computers were compromised, downloading and installing backdoor software that enabled attackers to gain complete control of the computer. Presumably, from there, attackers monitored computer usage and data in an effort to obtain passwords and other valuable information.

McAfee is dubbing the attacks against Google and other companies’ operations in China “operation Aurora” because the word “Aurora” appears in file paths included in two of the malware binaries associated with the attack. The pathname would presumably have come from the attackers’ systems. McAfee describes “Operation Aurora” as a coordinated, highly targeted attack going after high profiled companies and their intellectual property, coordinated to take place while many employees were away on December holidays to maximize the amount of time the attack could operate. “All I can say is wow,” wrote McAfee CTO George Kurtz. “The world has changed. Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats.”

Editors' Recommendations

Malwarebytes resolves error that was blocking Google this morning
malwarebytes shows av firms failing customers keyboard virus mem2
Windows 11 2022 Update: the best new features to try out today
Android Apps on Windows 11
Windows 11 vs. Windows 10: Finally time to upgrade?
Windows 11 and Windows 10 operating system logos are displayed on laptop screens.
Best Adobe Photoshop deals for September 2022
Close up of Adobe Photoshop app icon being chosen from among other Adobe apps on a laptop screen.
Save $550 on this HP gaming PC with an RTX 3070 today
The HP OMEN 40L desktop gaming PC against a white background.
Hurry — Dell XPS 13 is $550 off in Dell’s monster clearance sale
Dell XPS 13 on a table displaying the Digital Trends logo.
Flash deal drops this 15-inch Dell laptop to just $250
The Dell Inspiron 15 3000 laptop front-facing and displaying an image of a woman smiling.
Best Prime Day Deals: What to expect from the October event
Best Prime Day 2022 Deals graphic with multiple products.
Twitter is building a menu option for Twitter Shops
A person's hands holding a smartphone as they browse Twitter on it.
The best Mac games for 2022
epic games needs to address fortntte crunch fortnite on mac 7614
Apple has a bunch of new products coming, but not this year
Tim Cook Apple Unleashed
Lenovo is practically giving away this 2-in-1 laptop today
The sixth-generation Lenovo ThinkPad 11e Yoga in laptop form.
Lenovo Legion i7 gaming PCs and laptops both got massive discounts
The Lenovo Legion 7i gaming laptop against a white backdrop.